Search Results for 'spam'
-
AuthorSearch Results
-
September 8, 2010 at 6:25 am #91835
In reply to: Marked Spammer Keeps Posting
Paul Wong-GibbsKeymasterIt ought to block spammers properly. What version of BP are you testing this on?
September 8, 2010 at 6:23 am #91834In reply to: Not a spammer but marked as a spammer?
September 8, 2010 at 4:18 am #91833In reply to: Not a spammer but marked as a spammer?
LPH2005ParticipantGo to the domain.com/member/account and use the pull down from the admin bar to mark the account as “not a spammer”
September 8, 2010 at 1:07 am #91821pcwriterParticipantIn your WP dashboard, go to “Users” and check the box next to the name of the user highlighted in red. Then, select “Not Spam” from the “Bulk Actions” dropdown (top or bottom of your user list). Click “Apply”. Should do it.
September 8, 2010 at 12:50 am #91817In reply to: Not a spammer but marked as a spammer?
jordashtalonMemberIs there anyway to manually activate a users account? How can you manually “Un Spam” a user?
September 7, 2010 at 12:16 pm #91763In reply to: New Members never get activation email
MicahParticipantnope, not in spam folder. when I try to input the link while logged in as admin, it simply redirects to the homepage. the bp site is http://www.thecrookedpolitician.com
test user is not showing up at all and is not marked as spam.
September 7, 2010 at 9:55 am #91749In reply to: How do you “Forcibly Log Out a User”?
afritechParticipant@hnla My first reaction was to mark them as spam then delete from BP admin bar. Marked as spam successfully but not deleting didn’t work 2 cases. Maybe a straight delete works, I will try that next.
They were successfuly deleted though from the WP back-end under “Users” and logged out. Their forum posts are not inherited.
September 7, 2010 at 3:14 am #91725In reply to: New Members never get activation email
LPH2005ParticipantAre you sure that the email was not placed in a spam folder?
Login as admin and go to domain.name/members/userid
There should be a marking stating the person is marked as a spammer. This comes from not activating the account from the email. It can be easily changed by pulling down from the admin bar.
September 5, 2010 at 9:59 am #91595In reply to: How do you “Forcibly Log Out a User”?
Hugo AshmoreParticipant@afritech I meant ‘delete’ a user rather than mark them as spammer does that not instantly halt them?
@djpaul Actually delete from adminbar – Admin-Options works fine on 1.2..5.2 so it must have been an earlier version that had issues or it manifests under certain conditions which aren’t occurring at present -if that’s so and I catch it I’ll add a ticket.
edit/ On 2.9.2 /1.2.5 it threw an error but haven’t really time to establish whether that is due to the modified install or 1.2.5 rather than 1.2.5.2 or some plugin interaction.September 3, 2010 at 4:14 pm #91438In reply to: weird problem with Private messaging –
krisklParticipantI just had another check, from another profile and
user with ‘normal’ rights
and the same problem happens,
message is sent to 2 people, One random, and one who I have deleted as admin for spamming via wordpress admin panel
September 1, 2010 at 7:02 pm #91240In reply to: weird problem with Private messaging –
krisklParticipantsorry, it is WPMU 2.9.1 and Buddypress 1.2.3 (I think)
there are many plugins installed and some small modifications, but not related to PMwhat I think may have triggered it, is i had to delete some spammers, and deleting via buddypress did not seem to work, so I went to wp-admin and deleted one or two spammers there,
but it asked me to transfer their posts to my (admin) profile,
there were no posts, but that dialog box came up, so I accepted it.
and it had completed the delete process successfully,September 1, 2010 at 6:01 am #91190In reply to: Some members cant post?
Paul Wong-GibbsKeymasterAssuming those aren’t spammer user accounts, they need to log in to your site at least once after BuddyPress has been installed to show up.
paulhastings0Participant@catchit If I remember correctly Akismet is only for blog comments… not blog posts, forum posts, or updates. To prevent that you’ll need to prevent spam users from signing up for your site in the first place. I would recommend using the BuddyPress Humanity plugin.
August 28, 2010 at 9:16 pm #90761In reply to: BuddyPress Spam
pcwriterParticipantI think someone more knowledgeable about things .htaccess could better answer that question. I’m really still learning about all this stuff myself.
About your other idea though… now that could be brilliantly simple! It could sure put one heck of a damper on the efforts of human sploggers who are, if their activities are any indicator, a lazy bunch. Only thing is, it wouldn’t do much for those bots who manage to squeeze through whatever “backdoor” they happen to find (or make).
Anyone want to take on a little “Avatar Required” plugin challenge here?
August 28, 2010 at 8:21 pm #90752In reply to: BuddyPress Spam
Ted MannParticipant@pcwriter It’s weird. I tried a proxy server, and was still able to get to the signup page by typing in the url, which leads me to believe the htaccess change isn’t taking right. Is there anything that could be interfering?
I had another anti-spam idea: Would there be a way to require a user to have an avatar? What I’ve noticed is that all the spam signups have no avatars. Wondering if making that essentially the same as required profile fields would help.
August 28, 2010 at 5:05 pm #90723In reply to: BuddyPress Spam
pcwriterParticipantIf you’re using the same machine that you normally use to access that page, it’s highly unlikely that you get redirected, ‘cuz as site admin, your IP has already been “goldlisted” and you’re known as one of the good guys.
To really test if it’s working properly, and there’s no reason it shouldn’t be, try accessing the url directly from an airport or internet café with wifi. Or, better yet, through a proxy server.
You could also have some fun and try this:
Set up 2 email accounts at any test site you’ve got going (the weirder the names, the better). From a different IP (another computer), email your wp-signup link from one account to the other, and click on it. If you’ve never sent emails to your buddypresssite from the test site (thus, sender unknown), that access attempt would probably be flagged and you’d probably get bumped. Just my thoughts…August 28, 2010 at 1:44 pm #90704In reply to: Every day, seven thousand new members!
OnlyBlueParticipantAugust 28, 2010 at 1:10 pm #90692In reply to: BuddyPress Spam
Ted MannParticipantSo, I have a question re: the htaccess tweak to block spam registrations. If I type http://mybuddypressite.com/wp-signup into my browser, I should get automatically redirected to my GOAWAY page, right? If that’s not happening, am I doing something wrong?
August 28, 2010 at 1:02 pm #90691In reply to: BuddyPress Spam
Ted MannParticipantThank you so much, @pcwriter
I’ve been using IP banning now for two days, and that has virtually eliminated most spam signups. Much as I hate to go that route, it’s great to have something that finally works. Will make the htaccess and wp-config changes today, too. Thanks again.August 28, 2010 at 10:02 am #90681In reply to: Every day, seven thousand new members!
Roger CoathupParticipant@onlyblue – I suspect a good sweep to remove all the spam accounts will get it down to a sensible and useful members directory
It’ll need a good automated tool!
August 27, 2010 at 4:56 am #90534In reply to: BuddyPress Spam
pcwriterParticipantOops! That last bit didn’t post correctly. Enclose the first and last lines in < brackets.
files wp-config.php
order allow,deny
deny from all
/filesAugust 27, 2010 at 4:52 am #90533In reply to: BuddyPress Spam
pcwriterParticipantThis is what I’ve added to .htaccess to block bots:
# IF THE UA STARTS WITH THESE
RewriteCond %{HTTP_USER_AGENT} ^(aesop_com_spiderman|alexibot|backweb|bandit|batchftp|bigfoot) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(black.?hole|blackwidow|blowfish|botalot|buddy|builtbottough|bullseye) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(cheesebot|cherrypicker|chinaclaw|collector|copier|copyrightcheck) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(cosmos|crescent|curl|custo|da|diibot|disco|dittospyder|dragonfly) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(drip|easydl|ebingbong|ecatch|eirgrabber|emailcollector|emailsiphon) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(emailwolf|erocrawler|exabot|eyenetie|filehound|flashget|flunky) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(frontpage|getright|getweb|go.?zilla|go-ahead-got-it|gotit|grabnet) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(grafula|harvest|hloader|hmview|httplib|httrack|humanlinks|ilsebot) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(infonavirobot|infotekies|intelliseek|interget|iria|jennybot|jetcar) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(joc|justview|jyxobot|kenjin|keyword|larbin|leechftp|lexibot|lftp|libweb) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(likse|linkscan|linkwalker|lnspiderguy|lwp|magnet|mag-net|markwatch) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(mata.?hari|memo|microsoft.?url|midown.?tool|miixpc|mirror|missigua) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(mister.?pix|moget|mozilla.?newt|nameprotect|navroad|backdoorbot|nearsite) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(net.?vampire|netants|netcraft|netmechanic|netspider|nextgensearchbot) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(attach|nicerspro|nimblecrawler|npbot|octopus|offline.?explorer) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(offline.?navigator|openfind|outfoxbot|pagegrabber|papa|pavuk) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(pcbrowser|php.?version.?tracker|pockey|propowerbot|prowebwalker) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(psbot|pump|queryn|recorder|realdownload|reaper|reget|true_robot) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(repomonkey|rma|internetseer|sitesnagger|siphon|slysearch|smartdownload) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(snake|snapbot|snoopy|sogou|spacebison|spankbot|spanner|sqworm|superbot) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(superhttp|surfbot|asterias|suzuran|szukacz|takeout|teleport) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(telesoft|the.?intraformant|thenomad|tighttwatbot|titan|urldispatcher) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(turingos|turnitinbot|urly.?warning|vacuum|vci|voideye|whacker) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(libwww-perl|widow|wisenutbot|wwwoffle|xaldon|xenu|zeus|zyborg|anonymouse) [NC,OR]
# STARTS WITH WEB
RewriteCond %{HTTP_USER_AGENT} ^web(zip|emaile|enhancer|fetch|go.?is|auto|bandit|clip|copier|master|reaper|sauger|site.?quester|whack) [NC,OR]
# ANYWHERE IN UA — GREEDY REGEX
RewriteCond %{HTTP_USER_AGENT} ^.*(craftbot|download|extract|stripper|sucker|ninja|clshttp|webspider|leacher|collector|grabber|webpictures).*$ [NC]
# ISSUE 403 / SERVE ERRORDOCUMENT
RewriteRule . – [F,L]To help block spam registrations, add the following to .htaccess, then create a simple GOAWAY type html page and upload to your root directory:
# BEGIN ANTISPAMBLOG REGISTRATION
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-signup.php*
RewriteCond %{HTTP_REFERER} !.yoursitehere.com. [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) http://yoursitehere.com/yourgoawaypage.html [R=301,L]Add the following to .htaccess to deny access to wp-config.php to anyone who doesn’t have your ftp details:
order allow,deny
deny from allInstead of example.com/register or example.com/sign-up, use something like example.com/unb2x-2010 for your register page. If you were a spammer, would that look like an inviting url to hack?
Hope this helps
August 27, 2010 at 4:33 am #90531In reply to: BuddyPress Spam
Ted MannParticipant@pcwriter, you rock. Going to try all of these. Few quick q’s:
1. With the list of bad blocks, you added all these to your HT access file? Is there any downside to having such a lengthy htaccess? Could you anonymize yours and post it?2. What does “Added “deny from all” in .htaccess for wp-config.php” mean?
3. When you say you changed “register slug to something unrecognizable,” what sort of thing did you use? Garbledygook, or just something like “/whats-up”
August 26, 2010 at 3:20 pm #90471In reply to: BuddyPress Spam
thelandmanParticipant@pcwriter. That is quality. Thanks for the tips!
August 26, 2010 at 2:41 pm #90466In reply to: BuddyPress Spam
pcwriterParticipantI was having 5 or 6 sploggers sign up daily no matter what I did until about 2 weeks ago when I revamped my tactics. Since then, I have had 0 spam signups… not one. Fingers crossed Here’s what I’ve done:
– Removed references to WP/BP in footer text
– Changed the register slug to something unrecognizable that has no bearing whatsoever to the concept of signing up (so even those grossly underpaid 3rd-world human spammers can’t figure it out)
– Installed WPMU Super Captcha to let the nice humans through: https://wordpress.org/extend/plugins/super-capcha/
– Installed WP-Ban to block the not-so-nice ones: https://wordpress.org/extend/plugins/wp-ban/
– Installed Buddypress Humanity as a double-check: https://buddypress.org/community/groups/buddypress-humanity/
– Blocked lists of bad bots in .htaccess as suggested in this post: https://buddypress.org/community/groups/how-to-and-troubleshooting/forum/topic/buddypress-spam/?topic_page=2&num=15#post-60177
– Added “deny from all” in .htaccess for wp-config.php
– If someone does manage to access the register page through a direct url (without visiting any other page first), they are bumped to a GOAWAY page with the following in .htaccess. .# BEGIN ANTISPAMBLOG REGISTRATION
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-signup.php*
RewriteCond %{HTTP_REFERER} !.examplesite.com. [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) http://examplesite.com/goaway.html [R=301,L]So far, so good. As I mentioned, not a single splogger has managed to get through in about 2 weeks. If they do, there are 2 ingredients in the above recipe that can be adjusted:
– the captcha image is fully customizable to render bot algorithms redundant (hopefully)
– the register slug can be changed as often as you change socksOn a final note, there are also some interesting tweaks to be found here: http://www.smashingmagazine.com/2010/07/01/10-useful-wordpress-security-tweaks/
-
AuthorSearch Results